Summary
Detail | |||
---|---|---|---|
Vendor | Trend Micro | First view | 2007-08-22 |
Product | Pc-Cillin Internet Security 2007 | Last view | 2007-10-30 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.6 | 2007-10-30 | CVE-2007-4277 | The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403. |
6.9 | 2007-08-22 | CVE-2007-3873 | Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
50% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
39755 | Trend Micro Multiple Products AntiVirus Scan Engine Tmxpflt.sys Tmfilter Filt... |
36630 | Trend Micro Multiple Products SSAPI Module vstlib32.dll VST Local Overflow |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2007-10-26 | Name: The remote Windows host contains a program that is affected by a local buffer... File: trendmicro_tmxpflt_overflow.nasl - Type: ACT_GATHER_INFO |